Untitled

Transcription

Untitled

bintec R1202
Disponibilité : 01/03/2010
Routeur IP multifonctionnel -VPN-
Le produit bintec R1202 est un routeur puissant, et flexible car il est équipé de nombreux ports, dont un port RNIS
intégré pour une configuration à distance ou comme secours automatique. Spécialement conçu pour l'accès Internet
haut-débit, il est idéal en VPN pour les travailleurs mobiles ou les PMEs/PMIs. Grâce à son boîtier métallique 19", et à
son principe d'alimentation, la passerelle garantit une fiabilité des plus sûres pour des applications cruciales.
L'équipement possède 5 ports Ethernet Gigabit, qui peuvent être configurés en LAN, WAN ou DMZ, et est livré en
sortie d'usine avec une licence supportant 5 tunnels IPSec avec accélérateur matériel. Le nombre de tunnels
simultanés peut être augmenté jusqu'à 100 en achetant une licence supplémentaire.
Le port RNIS intégré peut être utilisé pour une configuration à distance ou comme secours automatique.
Utilisation des fonctionnalités en souplesse
Seules quelques fonctions sont nécessaires pour transmettre les paquets de données entre deux réseaux. Le routeur
bintec R1202 possède les caractéristiques qui vont bien au-delà du routage et peut s'intégrer dans des infrastructures
IT.
Comme protocoles de routage, vous pouvez utiliser RIP, OSPF ou le support "multicast" PIM-SM par exemple, qui fait
que ce produit est idéal pour les applications qui utilisent les techniques de multimédia ou de streaming. Même
l'équipement de base de la Série, le R1202 fournit un niveau SIP Gateway (ALG) pour la connexion directe des
téléphones IP au sein du réseau ou l'enregistrement auprès d'un fournisseur de VoIP. L'ALG contrôle automatiquement
le pare-feu interne, facilitant ainsi la configuration de la solution VoIP.
Grâce à la qualité de service (QoS) intégrée, vous pouvez privilégier le trafic VoIP traffic par rapport au trafic normal,
par exemple, et ainsi assurer toujours la bande passante nécessaire pour vos connexions VoIP. Vous pouvez de ce fait
décider de donner la priorité à votre trafic de données plutôt qu'au trafic lié à la messagerie (e-mail). La fonction DNS
proxy prend en charge le réseau local pour la mise en oeuvre d'adresses et la configuration automatique des adresses
Ip est réalisée via le serveur intégré DHCP.
CAPI distant est disponible pour l'utilisation conjointe des différents services RNIS.
Implémentation IPSec
IPSec, intégré au routeur bintec R1202 travaille soit avec des clés pré-partagées soit avec des certificats, ce qui assure
un maximum de sécurité. L'Office Fédéral de la Sécurité de l'Information recommande l'utilisatiobn de certificats. IPsec
permet de créer de connexions VPN avec des adresses IP dynamiques : des petites agences peuvent être atteintes
sans forcément être en permanence en ligne. Si les deux noeuds VPN possèdent des adresses dynamiques, les
informations confidentielles sont assurées. L'échange d'adresses IP est effectué soit par le fournisseur DNS, soit
directement via RNIS. L'adresse dynamique encours est transférée gratuitement sur le cannal D RNIS, ou en cas
d'impossibilité sur le canal B, moyennant un coût.
En utilisant le mode Config IKE et l'IPSec bintec multi-utilisateurs, il est possible de créer et de gérer des solutions
"dial-in" pour de nombreux clients, à peu de frais . De plus, l'authentification étendue IKE X-Auth permet une connexion
sécurisée, avec un mot de passe unique pour une sécurité encore plus performante.
Répartition de charge/secours
Le routeur bintec R1202 offre un niveau unique de flexibilité car ils sont pourvu d'un large panel d'interfaces. Il peut être
configuré avec deux interfaces WAN. En conséquence, il y a non seulement davantage de bande passante, mais
également possibilité de véhiculer le trafic sur des connexions WAN personnalisées, en fonction de la charge ou du
type de données. De même, vous pouvez utiliser une liaison (ex. SDSL) pour la connexion VPN du siège et de l'équipe
commerciale et un port WAN en second pour une connexion ADSL à moindre coût garantissant le flux des autres
données de l'entreprise.
Notre protocole BRRP permet à deux équipements d'être gérés comme s'il s'agissait d'un seul appareil dans le LAN. Ils
disposent chacun de leur propre adresse IP et MAC pour chaque interface insi que d'une adresse virtuelle. Elle est
enregistrée comme"entrée" pour tous les routeurs du LAN. Les deux passerelles communiquent via le protocole bintec
si l'une d'elle tombe en panne, l'autre prend automatiquement en charge la totalité du trafic.
Configuration et maintenance aisées
Le routeur est configuré via l'interface FCI, qui utilise l'assistant de configuration intégré. Ce configurateur FCI est basé
sur le web graphique, et accessible à partir de n'importe quel micro-ordinateur dôté d'un navigateur, soit via HTTP, soit
via un cryptage en HTTPS. Il offre également la possibilité de gérer, en local ou à distance,les équipements via Telnet,
SSH et RNIS.
DIME Manager de Funkwerk Enterprise Communications (FEC) est un outil gratuit de gestion d'équipements FEC.
Il est destiné aux administrateurs qui gèrent des réseaux comportant jusqu'à 50 appareils. Ce logiciel simplifie la
gestion et la configuration de routeurs et des points d'accès, soit individuellement, soit par groupe. Lors de sa
conception, l'objectif premier de cet outil, était sa simplicité. En effet, il autorise les mises à jour logicielles ou les
configurations par simple "drag and drop". Il reconnaît et gère les nouveaux dispositifs du réseau grâce à la
multidiffusion utilisée par le SNMP : en d'autres termes, indépendemment de leur adresse actuelle.
Funkwerk Enterprise Communications, 6-8 Avenue de la Grande Lande - 33174 GRADIGNAN - FRANCE
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
E-Mail: [email protected] - www.funkwerk-ec.com
modifications
Interface RNIS
Feature
Description
CAPI
CAPI 2.0 with CAPI user concept (password for CAPI use)
ISDN protocols
Euro-ISDN (Point-to-mulitpoint/Point-to-point)
ISDN leased lines
Supported leased lines: D64S, D64S2, TS02, D64S2Y
ISDN auto-configuration
Automatic recognition and configuration of ISDN protocols
B channel protocols
Excellent interoperability with other manufacturers (Raw HDLC, CISCO HDLC, X.75)
X.31 over CAPI
Support for various connection paths: X.31/A for ISDN D-channel, X.31/A+B for ISDN
B-channel, X.25 within ISDN B-channel (also leased lines)
Bit rate adaption
V.110 (1,200 up to 38,400 bps), V.120 up to 57,600 kbps (HSCSD) for connection to GSM
subscribers
VPN
Feature
Description
PPTP (PAC/PNS)
Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks, inclusive strong
encryption methods with 128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)
PPP / PPTP hardware acceleration
Integrated hardware acceleration for PPP/PTPP encryption algorithms DES, 3DES, MPPE
GRE v.0
Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation
L2TP
Layer 2 tunnelling protocol inclusive PPP user authentication
Number of VPN tunnels
Inclusive 110 active PPTP, L2TP and GRE v.0 tunnels (also in combination possible)
IPSec
Internet Protocol Security establishing of VPN connections
Number of VPN tunnels
Inclusive 10 active VPN tunnels, optional up to 110 IPSec tunnels
IPSec Algorithms
DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST (128 Bit), Blowfish (128-448 Bit),
Twofish (256 Bit); MD-5, SHA-1, RipeMD160, Tiger192 Hashes
IPSec hardware acceleration
Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES inclusive
hardware acceleration for MD-5, SHA-1 Hash generation
IPSec IKE
IPSec key exchange via preshared keys or certificates
IPSec IKE Config Mode
IKE Config Mode server enables dynamic assignment of IP addresses from the address pool
of the company. IKE Config Mode client enables the router, to get assigned dynamically an IP
address.
IPSec IKE XAUTH (Client/Server)
Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and
XAUTH server for loging of XAUTH clients
IPSec IKE XAUTH (Client/Server)
Inclusive the forwarding to a RADIUS-OTP (One Time Password) server (supported OTP
solutions see www.funkwerk-ec.com).
IPSec NAT-T
Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT
IPSec IPComp
IPSec IPComp data compression for higher data throughput via LZS
IPSec certificates (PKI)
Support of X.509 multi-level certificates compatible to Micrososft and Open SSL CA server;
upload of PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI
IPSec SCEP
Certificates management via SCEP (Simple Certificate Enrollment Protocol)
IPSec Certificate Revocation Lists
(CRL)
IPSec Dead Peer Detection (DPD)
Support of remote CRLs on a server via LDAP or local CRLs
IPSec dynamic IP via ISDN
Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary
IPSec dynamic DNS
Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a
IPSec connection.
IPSec RADIUS
Authentication of IPSec connections at a RADIUS server. Additionally the IPSec peers, which
were configured on a RADIUS server, can be loaded into the gateway (RADIUS dialout).
IPSec Multi User
Enables the Dial-in of several IPSec clients via a single IPSec peer configuration entry
IPSec QoS
The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel
IPSec NAT
By activating of NAT on an IPSec connection it is possible, to implement several remote
locations with identical local IP addess networks in different IP nets for the VPN connection
IPSec throughput (1400)
86 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
IPSec throughput (256)
19 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption
Continuous control of IPSec connection
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications
Sécurité
Feature
Description
NAT/PAT
Symmetric Network and Port Address Translation (NAT/PAT) with randomly generated ports
inclusive Multi NAT (1:1 translation of whole networks)
Policy based NAT/PAT
Network and Port Address Translation via different criteria like IP protocols, source/destination
IP Address, source/destination port
Policy based NAT/PAT
For incoming and outgoing connections and for each interface variable configurable
Content Filtering
Optional ISS/Cobion Content filter (30 day test license inclusive)
Stateful Inspection Firewall
Packet filtering depending on the direction with controling and interpretation of each single
connection status
Packet Filter
Filtering of IP packets according to different criteria like IP protocols, source/destination IP
address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable
configurable
Routage
Feature
Description
Policy based Routing
Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols
(Layer4), source/destination IP address, source/destination port, TOS/DSCP,
source/destination interface and destination interface status
Multicast IGMP
Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous
distribution of IP packets to several stations
Multicast IGMP Proxy
For easy forwarding of multicast packets via dedicated interfaces
Multicast Routing Protocol PIM SM
Protocol Independent Multicast (PIM) distributes information via a central Rendezvous Point
Server. PIM Modus Sparse Mode (SM) forwards only packets to groups which have been
requested
Multicast inside IPSec tunnel
Enables the transmission of multicast packets via an IPSec tunnel
RIP
Support of RIPv1 and RIPv2, separated configurable for each interface
Extended RIP
Triggerd RIP updates according RFC 2091 and 2453, Poisened Rerverse for a better
distribution of the routes; furthermore the possibility to define RIP filters for each interface.
OSPF
Support of the dynamic routing protocol OSPF
BGP4
On request
Routing throughput (1518)
199 Mbps with 1518 Byte packets
Routing throughput (256)
198 Mbps with 256 Byte packets
Protocoles/Encapsulation
Feature
Description
PPP/MLPPP
Support of Point to Point Protocol (PPP) for establishing of standard PPP connections,
inclusive the Multilink extension MLPPP for the bundeling of several connections
PPPoE (Server/Client)
Point-to-Point Protocol over Ethernet (Client and Server) for establisching of PPP connections
via Ethernet/DSL (RFC 2516)
MLPPPoE (Server/Client)
Multilink extension MLPPPoE for bundeling several PPPoE connections (only if both sides
support MLPPPoE)
DNS
DNS client, DSN server, DNS relay and DNS proxy
DYN DNS
Enables the registering of dynamic assigned IP addresses at adynamic DNS provider, e.g. for
establishing of VPN connections
DNS Forwarding
Enables the forwarding of DNS requests of free configurable domains to assigned DNS
server.
DHCP
DHCP Client, Server, Proxy and Relay for siplified TCP/IP configuration
Packet size controling
Adaption of PMTU or automatic packet size controling via fragmentation
X.25 Enhanced
Optional: X.25 over ISDN, XOT, X.25 to TCP Gateway, X.25 PAD, TP0 Bridge
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications
Qualité de Service (QoS)
Feature
Description
Policy based Traffic Shapping
Dynamic bandwidth management via IP traffic shaping
Bandwidth reservation
Dynamic reservation of bandwidth, allocation of guaranteed and maximum bandwidths
DiffServ
Priority Queuing of packets on the basis of the DiffServ/TOS field
Layer2/3 tagging
Conversion of 802.1p layer 2 priorisation information to layer 3 diffserv attributes
TCP Download Rate Control
For reservation of bandwidth for VoIP connections
Répartition de charge
Feature
Description
BRRP
Bintec Router Redundancy Protocol for backup of several passive or active devices with free
selectable priority
BoD
Bandwidth on Demand: dynamic bandwidth to suit data traffic load
Load Balancing
Static and dynamic load balancing to several WAN connections on IP layer
VPN backup
Simple VPN backup via different media. Additional enables the Funkwerk interface based VPN
concept the application of routing protocols for VPN connections.
Fonctionnalité Couche 2
Feature
Description
Bridging
Support of layer 2 bridging with the possibility of separation of network segment via the
configuration of bridge groups
VLAN
Support of up to 32 VLAN (Virtual LAN) for segmentation of the network in independent virtual
segments (workgroups)
Proxy ARP
Enables the router to answer ARP requests for hosts, which are accessible via the router. That
enables the remote clients to use an IP address from the local net.
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications
Logging / Monitoring / Reporting
Feature
Description
Internal system logging
Syslog storage in RAM, display via web-based configuration user interface (http/https), filter
for subsystem, level, message
External system logging
Syslog, several syslog server with different syslog level configurable
E-Mail alert
Automatic E-Mail alert by definable events
SNMP traps
SNMP traps (v1, v2, v3) configurable
Activity Monitor
Sending of information to a PC on which Brickware is installed
IPSec monitoring
Display of IPSec tunnel and IPSec statistic; output via web-based configuration user interface
(http/https)
Interfaces monitoring
Statistic information of all pysical and logical interfaces (ETH0, ETH1, SSIDx, ...), output via
web-based configuration user interface (http/https)
ISDN monitoring
Display of active and past ISDN connections; output via web-based configuration user
interface (http/https)
IP accounting
Detailed IP accounting, source, destination, port, interface and packet/bytes counter,
transmission also via syslog protocol to syslog server
ISDN accounting
Detailed ongoing recording of ISDN connection parameter like calling number and charging
information, transmission also via syslog protocol to syslog server
RADIUS accounting
RADIUS accounting for PPP, PPTP, PPPoE and ISDN dialup connections
Keep Alive Monitoring
Control of hosts/connections via ICMP polling
Tracing
Detailed traces can be done for different protocols e.g. ISDN, PPPoE, ... generation local on
the device and remote via DIME manager
Tracing
Traces can be stored in PCAP format, so that import to different open source trace tools (e.g.
wireshark) is possible.
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications
Administration/Gestion
Feature
Description
RADIUS
Central check of access authorization at one or several RADIUS server, RADIUS (PPP, IPSec
inclusive X-Auth and login authentication)
RADIUS dialout
On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway
(RADIUS dialout).
TACACS+
Support of TACACS+ server for login authentication and for shell comando authorization
Time synchronization
The device system time can be obtained via ISDN and from a SNTP server (up to 3 time
server configurable). The obtained time can also be transmitted per SNTP to SNTP clients.
Automatic Time Settings
Time zone profiles are configurable. That enables an automatic change from summer to winter
time.
Supported management systems
DIME Manager, XAdmin
Configurable scheduler
Configuring of time and event controlled tasks, e.g. reboot device, activate/deactivate
interface, activate/deactivate WLAN, trigger SW update and configuration backup
Funkwerk Configuration Interface
(FCI)
Integrated web server for web-based configuration via HTTP or HTTPS. This user interface is
by most of Funkwerk EC products identical.
Software update
Software updates are free of charge; update via local files, HTTP, TFTP or via direct access to
the FEC web server
Remote maintenance
Remote maintenance via telnet, SSL, SSH, HTTP, HTTPS and SNMP (V1,V2,V3)
Configuration via serial interface
Serial configuariton interface is available
ISDN remote maintenance
Remote maintenance via ISDN dial-in with checking of the calling number. The ISDN remote
maintenance connection between two funkwerk devices can be encrypted.
ISDN remote maintenance
A transparent mode enables transmissions of configurations and software updates
respectively
GSM remote maintenance
Remote maintenance via GSM login (external modem and cable required)
Device discovery function
Device discovery via SNMP multicast.
On The Fly configuration
No reboot after reconfiguration required
SNMP
SNMP (v1, v2, v3), USM model, VACM views, SNMP traps (v1, v2, v3) configurable, SNMP IP
access list configurable
SNMP configuration
Complete management with MIB-II, MIB 802.11, Enterprise MIB
Configuration export and import
Load and save configurations, optional encrypted; optional automatic control via scheduler
SSH login
Supports SSH V1.5 and SSH V2.0 for secure connections of terminal applications
HP OpenView
Integration into Network Node Manager
XAdmin
Support of XAdmin roll out and configuration managemant tool for larger router installations
(IP+ISDN+GSM)
Interfaces
Feature
Description
Ethernet
5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing, Auto MDI/MDI-X, up to 4 ports can
be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured
as LAN or WAN.
Serial console
Serial console interface / COM port (mini USB): optional, connection of an analogue / GPRS
modem is possible (supported modems: see www.funkwerk-ec.com)
ISDN Basic Rate (BRI)
1 x BRI (TE), 2 B channels
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications
Caractéristiques matérielles
Feature
Description
19 inch
Mountable in 19 inch rack, incl. 19 inch rack mount kit
Realtime clock
System time persists even at power failure for some hours.
Environment
Temperature range: Operational 0°C to 40°C; storage -10°C to 70°C; Max. rel. humidity 10 95% (non condensing)
Power supply
Integrated wide range power supply 110-240V, with energy efficient swiching controller
Power consumption
Max. 15 Watt, typ. 13 Watt
housing
19 inch 1 high unit metal case, screw-on 19 inch mounting-angle, LEDs and network
connectors at front side
Dimension
Ca. 485.6 mm x 220 mm x 45 mm (W x H x D)
Weight
Ca. 2600g
Fan
Fanless design therefor high MTBF
Reset button
Restart or reset to factory state possible
Standards and certifications
R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN 55024/A1; EN61000-3-2; EN
61000-3-3; EN 61000-4-4; EN 60950-1; EN 300 328
Pack de livraison
Feature
Description
Manual
Quick Installation Guide in German and English
DVD
DVD with system software, management software and documentation
Ethernet cable
1 Ethernet cable, 3m
Network cable
Power cable
Serial cable
Serial cable (mini USB - DSUB 9 female)
ISDN (BRI/S0) cable
ISDN (BRI/S0) cable, 3m
Service
Feature
Description
Warranty
2 year manufacturer warranty inclusive 24h advanced replacement
Software Update
Free-of-charge software updates for system software (BOSS) and management software
(DIME manager)
N° article
Feature
Description
bintec R1202; art. no. 5510000210
VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110), certificates,
HW encryption; 4+1 Gigabit Eth. switch; german and intern. version.
bintec R1202 - UK; art. no.
5510000262
VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110), certificates,
HW encryption; 4+1 Gigabit Eth. switch; UK version.
Options
Feature
Description
VPN-IPSec-25
License for 25 additional activ IPSec tunnels; art. no. 5500000781
X.25
License for X.25 feature set; art. no. 5500000783
Cobion Content Filter Small
License for one year Cobion content filter (small); art. no. 80551
MPPC and Stac compression
Free-of-charge license for Stac and MPPC compression; registration under
www.funkwerk-ec.com required
IP address ISDN B/D channel license
Free of charge license for IP address transmission in ISDN D or B channel for IPSec
connections; registering under www.funkwerk-ec.com required.
Service package 'medium'
Warranty extension of 3 years to a total of 5 years, including advanced replacement for FEC
products of the category "medium". (Please find a ) detailed description as well as an overview
of the categories on www.funkwerk-ec.com/servicepackages.
Advanced Replacement
Optional (with costs) advanced replacement outside of warranty time
bintec R1202
Tel: +33 (0) 557 35 63 00
01.04.2010
Fax: +33 (0) 556 89 14 05
Sous reserve de
modifications

Untitled

Transcription

Documents pareils

Untitled

Routeur VPN avec switch 4 ports 10/100Mbps Firewall D

Untitled

Untitled - D2B Informatique

Fiche applicative Indépendance totale grâce au R1200wu

Product presentation

Faiblesses d`IPSec en déploiements réels

TheGreenBow IPsec VPN Client

Recrutement d`un Technicien d`Exploitation Informatique Société

Stormshield SN700

Spécial Mutuelle

Série VM - Palo Alto Networks